DLNA across two interfaces / subnets



  • I have set up pfSense with two NICs as router for my home. On the LAN side is a DLNA server (Twonky) and some DLNA clients / media renderers. On the WAN side is also one device that needs to access the DLNA server. Searching here in the forum revealed that with IGMP proxy I can accomplish this task. Unfortunately there is not much info on how to set it up correctly. It should not matter which interface is set up as upstream or downstream interface. But simply configuring a downstream and upstream interface does not make the DLNA server visible to the client. What else needs to be configured? Maybe some firewall rules?  :-\



  • Might be useful: http://www.which.co.uk/reviews/televisions/article/advice/what-is-dlna
    and assuming you don't have compatibility issues like this bit mentioned in the link:
    "First of all, file formats can be a bit of an issue. Some DLNA devices might play MP4 video files, but the device the MP4 is being sent to may be unable to recognise this particular file type. The same goes for the popular DivX video file type that many LG TVs support."

    then, yes, it looks like you just need to create some rules so your WAN device(s) can get through to your LAN side server(s), but this is where it can get tricky, because you might not want to rely on the security of your DLNA server to keep others out if you were to just create a Port Forward rule which will let anyone in from the WAN to your DLNA/Mail/Web server(s).

    https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F
    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    What's the device that is WAN side?
    If it's something like a phone, perhaps you can add, say, OpenVPN to the phone, which will get you behind the WAN on its own network interface/IP range, and then add another rule which takes you from the VPN network range to the LAN network.

    I say OpenVPN as this uses UDP, which is a packet of data that sends no packets back and is able to work when other restrictions might exist, unlike TCP packets, which send a receipt packet back and thus are less efficient at shifting data across networks. You'll find most streaming services use UDP instead of TCP as UDP is quickest.

    So the quick answer is do a Port Forward, i.e. create a NAT rule, which will also add a firewall rule for you automatically, but if you don't want to rely on your DLNA server's security abilities, consider using something like OpenVPN on your WAN device to get you securely behind the WAN interface onto pfSense and then add a firewall rule to go from your OpenVPN network range to your DLNA server on your LAN.

    hth.


  • Netgate Administrator

    Basically DLNA is not intended to be used across subnets. As a way of allowing devices/clients to discover servers it functions well enough, but many manufacturers have come to depend on it entirely, rendering their otherwise functional products completely non-functional.  >:( Any media playback client would have no problems at all accessing a server in another subnet if only there was a box in which to enter the server's IP address, but manufacturers think that's too hard for consumers so it's DLNA or nothing!

    People have made it work with IGMP proxy but many have also failed. What devices are you connecting to the server?

    Steve



  • Let me provide some background info. For the past years I have been using this router from my provider. It was doing NAT, WiFi, phone system etc. And using the cordless phones from the same manufacturer allowed me to listen to DLNA sources in the LAN on the phone or send the stream to other media renderers in the network. Recently I changed my tariff plan to obtain a static IP and allow me to install my own router. The "old" router has now been degraded by the provider to a cable modem with a public IP (bridging to one LAN port) and telephone system. Other functionalities are gone. And since the "old" router / "new" cable modem now has only a public IP it won't see my local DLNA server.
    Using a VPN to achieve my goal is therefore not possible.
    So I would start to set up IGMP proxy with the upstream interface being my LAN 192.168.0.0/24 and downstream interface is the IP of my old router aka cablemodem?!
    For firewall config I came across this guide, see section "Swisscom TV"
    Do you think it is applicable (with some tweaking) to my scenario?


  • Netgate Administrator

    Hmm, I'm still not clear.  :-
    You are trying to set up an IGMP proxy between LAN and WAN. What device is on the WAN side that needs access to DLNA resources in the LAN?

    Steve



  • The cablemodem which is able to act as a DLNA client (in combination with some phones that support this).


  • Netgate Administrator

    Ah, OK. So your new cable modem is not just a modem then. Does it have a web interface? What IP is that accessed on? Does your pfSense box get a public IP on its WAN interface? (PPPoE, DHCP?)
    If it really does have only a public IP then you would be opening up your firewall to multicast traffic from the internet in general which seems like a very bad idea!

    Steve



  • Actually it is still the same router as I used for this whole time (see link above) and my provider re-configured it to act as cable modem and telephone system.
    For sure it has a web interface and a public IP (..*.109). The WAN interface on pfSense is configured as .110 with .109 as gateway. So I guess I can bury the idea to get it working for the sake of security  :-\


  • Netgate Administrator

    If it has a fixed IP then you can just limit your firewall rules to only allow that traffic.
    It seems odd to me that a phone system would have DLNA playback capability. I guess why not.  ;)

    Steve



  • Haha, be sure it does. You can either play from USB storage attached to the box or any DLNA source. While it was still configured as router it worked pretty well. You can browse the media library on your phone and forward it to any media renderer in the network. So the phone acts like a remote control - pretty neat feature.
    So I gave it a try and set up IGMP proxy as above. I enabled the option that allows packets with IP options to pass in my allow-all-outbound rule (LAN). Both rules (IGMP and UDP) for WAN have been configured like in that Swisscom tutorial with source IP set to .109
    But guess what? not working :(


  • Netgate Administrator

    Well DLNA is not IPTV so it's not directly transferable. Your server is on the inside playing streams to the outside so it's working the opposite way around to the IPTV example.
    There are a few threads here I contributed to about getting DLNA working across two interfaces/subnets. At least one of them was successful.  ;)
    Let me see if I can find it… Hmm, can't find it. This might be useful though:
    https://forum.pfsense.org/index.php?topic=73171.0
    You'll need to know what ports your DLNA server is using for actually streaming the data.

    Steve



  • Still trying to figure out the ports of Twonky. Unfortunately the config files are not accessible as it is built into my NAS.
    But with the IGMP proxy set up and the IGMP rule on the WAN interface at least the media server should show up. IGMP is used for discovery of devices while later on the actual streaming is done via UDP?!


  • Netgate Administrator

    You also need a rule on wan to allow udp port 1900 (also with IP options?) for the ssdp part of the discovery.
    I'm not totally sure on this but I believe it should go something like this:
    Client sends out a multicast igmp packet, 'who is out there?'.
    Server responds.
    Client then talks SSDP to find out the name of the server and what services it offers.
    Client then talks to the media server to request files/streams on the appropriate port.

    Steve
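
Added example (not part of the thread): the SSDP step of the discovery sequence above, sketched in Python. An SSDP search is a UDP datagram sent to 239.255.255.250:1900, and the reply's LOCATION header names the HTTP URL, and so the TCP port, where the server publishes its description, which is the value a narrowly scoped firewall rule needs. The response bytes, the address 192.168.0.10 and port 9000 are constructed sample values, not taken from any device in the thread.

```python
from urllib.parse import urlsplit

SSDP_GROUP = ("239.255.255.250", 1900)  # SSDP multicast group and UDP port
MEDIA_SERVER = "urn:schemas-upnp-org:device:MediaServer:1"

def build_msearch(search_target=MEDIA_SERVER, mx=2):
    """Build the M-SEARCH datagram a client multicasts to SSDP_GROUP."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",              # max seconds a server may delay its reply
        f"ST: {search_target}",   # what kind of device is being searched for
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")

def parse_ssdp_response(datagram):
    """Return (status_line, headers); header names are upper-cased."""
    head = datagram.decode("utf-8", errors="replace").split("\r\n\r\n", 1)[0]
    status, *rest = head.split("\r\n")
    headers = {}
    for line in rest:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return status, headers

def description_endpoint(datagram):
    """Return (host, tcp_port) from LOCATION, or None if the reply is unusable."""
    status, headers = parse_ssdp_response(datagram)
    if not status.startswith("HTTP/1.1 200"):
        return None
    try:
        url = urlsplit(headers.get("LOCATION", ""))
        port = url.port or 80
    except ValueError:            # malformed port in the URL
        return None
    if url.scheme != "http" or not url.hostname:
        return None
    return url.hostname, port

# Constructed unicast reply, shaped like a media server's answer to M-SEARCH.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.168.0.10:9000/description.xml\r\n"
    b"ST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::" + MEDIA_SERVER.encode() + b"\r\n"
    b"\r\n"
)
```

Feeding a reply captured on the LAN side to `description_endpoint` gives the server address and TCP port to allow from the single WAN source, instead of opening a wide port range.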

